The Federal Bureau of Investigation (FBI) has warned about a rising cyber scam targeting users of Microsoft 365 services, including Outlook, Teams, and OneDrive. The attack uses a phishing tool, Kali365, to let hackers access accounts without stealing passwords or passing multi-factor authentication checks.
Security researchers have reported an increase in such attacks. The FBI has named Kali365 a ‘Phishing-as-a-Service’ platform that gives even inexperienced cybercriminals access to advanced hacking tools.
Unlike typical phishing attacks that target usernames and passwords, Kali365 focuses on OAuth device codes. These codes act as digital keys that let apps access user data without repeated password checks. When attackers capture these codes, they can enter Microsoft 365 accounts and use services such as email, cloud storage, and workplace communication tools.
“Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities,” the FBI stated.
Security experts say this stolen access can lead to data theft, financial fraud, extortion, and ransomware attacks. The FBI also confirmed the platform provides AI-generated phishing messages, ready-made attack templates, and tools to track targets in real time.
The attack starts with a phishing email that looks similar to a message from a trusted cloud or file-sharing service. It includes a device verification code and asks the user to open a real Microsoft verification page. The website is genuine, which makes the request appear authentic. Once the user enters the code, the attacker receives the authentication token linked to the account.
This single step offers hackers access to Microsoft 365 services without a password or extra verification. This method is more difficult to detect than older phishing scams that use fake login pages.
According to cybersecurity firm Bitdefender, Kali365 first appeared publicly in April 2026 and has mostly been promoted through Telegram channels. The service works on a subscription model, costing nearly $250 per month or $2,000 a year.
Security researchers say the low price makes advanced phishing tools available to more criminals. Reports also suggest that hundreds of attacks linked to Kali365 were seen in April alone.
The FBI has asked users not to open or respond to unwanted emails that request verification codes or account login details. It also advised people to check email addresses, links, and message content carefully before taking any action. Security experts recommend avoiding attachments from unknown senders and confirming requests directly with the organization involved.
Anyone who thinks their account has been hacked should check active sessions, look for unknown devices, and report the issue to the FBI’s Internet Crime Complaint Center. The warning also shows a shift in cybercrime methods, with attackers now targeting authentication systems rather than passwords. This makes multi-factor authentication difficult to rely on as the only layer of protection.
Cybersecurity experts say attacks that target authentication tokens are increasing as criminals try to bypass standard security systems. The FBI’s latest warning shows growing concern about these methods and their possible impact on millions of Microsoft 365 users.
Also Read: OpenAI Takes on Anthropic with AI-Driven Cybersecurity Platform ‘Daybreak’